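def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Invite ``email`` to the Bitbucket groups selected for ``plugin_tag``.

    Groups are taken from the first entry of ``allPermissions`` whose
    'plugin' key equals ``plugin_tag``; if that yields nothing, the groups
    returned by ``getGroups`` are used. ``name`` is accepted for interface
    parity and is not used here.

    Returns the value built by ``getJsonResponse``.
    """
    # Local import: the file's import block is not visible from this block.
    from urllib.parse import quote

    # Get Authorization token (OAuth2 client-credentials grant).
    credential = requests.post(
        "https://bitbucket.org/site/oauth2/access_token",
        auth=(getKey(configMap), getSecret(configMap)),
        data={'grant_type': 'client_credentials'},
        timeout=30)
    access_token = json.loads(credential.content.decode('utf8')).get('access_token')
    if not access_token:
        # Without a token every later call would fail; report it instead of
        # crashing on string concatenation with None.
        log = ('BitBucket: no access token returned (HTTP ' +
               str(credential.status_code) + '), invite not sent.\n')
        return getJsonResponse('Bitbucket', email, log, log)

    # Send the token in a header, not in the URL: query strings end up in
    # proxy logs, server access logs and exception traces.
    auth_header = {'Authorization': 'Bearer ' + access_token}

    cli_groups = []
    for permission in allPermissions:
        thisPermissions = ast.literal_eval(permission)
        if thisPermissions['plugin'] == plugin_tag:
            del thisPermissions['plugin']
            cli_groups = list(thisPermissions.values())
            break
    if len(cli_groups) == 0:
        cli_groups = getGroups(configMap, plugin_tag)

    # Percent-encode every path segment so that a '/', '?' or '#' inside an
    # e-mail address or group name cannot change which resource is addressed.
    organization = quote(configMap['global']['organization'], safe='')
    invitee = quote(email, safe='@')
    for group in cli_groups:
        # NOTE(review): the response is not inspected, so the log below says
        # "sent" even when Bitbucket rejected the invitation; confirm which
        # status codes should count as failure.
        requests.put(
            "https://api.bitbucket.org/1.0/users/" + organization +
            "/invitations/" + invitee + "/" + organization + "/" +
            quote(group, safe=''),
            headers=auth_header,
            timeout=30)

    log = 'BitBucket: Email invite sent from Bitbucket.\n'
    instruction = inviteMessage(configMap, plugin_tag)
    return getJsonResponse('Bitbucket', email, log, instruction)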
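def removeUser(email, configMap, allPermissions, plugin_tag):
    """Delete the Azure AD user that corresponds to ``email``.

    The user is looked up by comparing each listed user's principal name,
    minus its last 29 characters, with ``email`` minus its last 13
    characters. ``allPermissions`` is not used here.

    Returns the value built by ``getJsonResponse``; the log and instruction
    say whether the user was removed, was not found, or could not be deleted.
    """
    # presumably strips a fixed '@domain' suffix; confirm against the caller
    username = email[:-13]
    removal_text = removalMessage(configMap, plugin_tag)
    log = plugin_tag + ': ' + username + removal_text + '\n'
    instruction = username + removal_text

    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            azureConfig = plugin

    # NOTE(review): this signs in with an administrator's e-mail and password
    # held in the config; a service principal would avoid storing a user
    # password. Confirm what the deployment allows.
    credentialsToken = UserPassCredentials(
        azureConfig['email'],
        azureConfig["password"],
        resource="https://graph.windows.net")
    graphrbac_client = GraphRbacManagementClient(credentialsToken,
                                                 azureConfig["directory"])

    userID = None
    # An address of 13 characters or fewer slices to '', and so does any
    # principal name of 29 characters or fewer; without this guard the two
    # empty strings compare equal and an unrelated account would be deleted.
    if username:
        for user in graphrbac_client.users.list():
            # NOTE(review): the fixed 29-character cut assumes one directory
            # suffix length; comparing against the configured directory
            # would be stricter. Confirm before changing.
            if user.user_principal_name[:-29] == username:
                userID = user.object_id
                break

    if userID is None:
        log = plugin_tag + ': ' + username + ' does not exist in Azure AD\n'
        instruction = username + ' does not exist in Azure AD'
    else:
        try:
            graphrbac_client.users.delete(userID)
        except Exception as error:
            # A failed delete must not be reported as "does not exist": the
            # account is still active and needs follow-up.
            log = (plugin_tag + ': failed to remove ' + username +
                   ' from Azure AD: ' + str(error) + '\n')
            instruction = username + ' could not be removed from Azure AD'
    return getJsonResponse("Azure Active Directory", email, log, instruction)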
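def removeUser(email, configMap, allPermissions, plugin_tag):
    """Remove ``email`` from every Bitbucket group of the organization.

    Fetches an OAuth2 token, lists the organization's groups and issues one
    member DELETE per group. ``allPermissions`` is not used here.

    Returns the value built by ``getJsonResponse``.
    """
    # Local import: the file's import block is not visible from this block.
    from urllib.parse import quote

    # Get Authorization token (OAuth2 client-credentials grant).
    credential = requests.post(
        "https://bitbucket.org/site/oauth2/access_token",
        auth=(getKey(configMap), getSecret(configMap)),
        data={'grant_type': 'client_credentials'},
        timeout=30)
    access_token = json.loads(credential.content.decode('utf8')).get('access_token')
    if not access_token:
        # Report the failed offboarding step instead of crashing on string
        # concatenation with None.
        log = ('BitBucket: no access token returned (HTTP ' +
               str(credential.status_code) + '), ' + email + ' not removed.\n')
        return getJsonResponse('Bitbucket', email, log, log)

    # Keep the token out of URLs; query strings are written to proxy and
    # server logs.
    auth_header = {'Authorization': 'Bearer ' + access_token}
    organization = quote(configMap['global']['organization'], safe='')

    # get all groups
    groups = requests.get(
        "https://api.bitbucket.org/1.0/groups/" + organization,
        headers=auth_header,
        timeout=30)
    data = json.loads(groups.content.decode('utf8'))

    # Remove from groups. Path segments are percent-encoded so that special
    # characters in a group name or address cannot redirect the DELETE.
    member = quote(email, safe='@')
    for group in data:
        # NOTE(review): responses are not inspected; a rejected DELETE still
        # ends in the "removed" log below. The user is not a member of every
        # group, so some error statuses are presumably expected; confirm
        # which ones should be surfaced.
        requests.delete(
            "https://api.bitbucket.org/1.0/groups/" + organization + "/" +
            quote(group.get('name').lower(), safe='') + "/members/" + member,
            headers=auth_header,
            timeout=30)

    log = 'BitBucket: ' + email + ' removed from team.\n'
    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    return getJsonResponse('Bitbucket', email, log, instruction)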
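def inviteUser(email,configMap,allPermissions, plugin_tag, name):
    """Create a Jira Server user for ``email`` and add it to its groups.

    The account name is ``email`` minus its last 13 characters. Groups come
    from ``getCLIgroups``. Both REST calls authenticate with the admin
    credentials of the plugin entry matching ``plugin_tag``.

    Returns the value built by ``getJsonResponse``.
    """
    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            password = plugin['password']
            user = plugin['admin']
            url = plugin['url']

    # presumably strips a fixed '@domain' suffix; confirm against the caller
    username = email[:-13]
    headers = {'Accept': 'application/json',
               'Content-Type': 'application/json'}

    # NOTE(review): the password below is a literal shown as-is on the page
    # (it may be masked). If every new account really receives the same fixed
    # initial password, replace it with a per-user random value or an
    # invitation flow.
    new_user = json.dumps({
        "name": username,  #username
        "password": "******",
        "emailAddress": email,
        "displayName": name,
        "applicationKeys": ["jira-server"]
    })
    create = requests.post(url + '/rest/api/2/user',
                           headers=headers,
                           auth=(user, password),
                           data=new_user,
                           timeout=30)

    membership = json.dumps({'name': username})
    groups = getCLIgroups(configMap, plugin_tag, allPermissions)
    for group in groups:
        # Pass the group name through params so requests URL-encodes it; a
        # name containing '&', '#' or a space would otherwise alter the query.
        add = requests.post(url + '/rest/api/2/group/user',
                            params={'groupname': group},
                            auth=(user, password),
                            headers=headers,
                            data=membership,
                            timeout=30)

    # NOTE(review): neither response is inspected, so this log is written
    # even when Jira refused the request.
    log = 'Jira: ' + username + ' added to ' + plugin_tag + '\n'
    instruction = inviteMessage(configMap, plugin_tag)
    return getJsonResponse("Jira Server",email, log, instruction)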
def removeUser(email, configMap,allPermissions, plugin_tag):
    """Jira Server removal step for ``email``; returns ``getJsonResponse(...)``.

    Reads the admin user, password and base URL from the plugin entry whose
    'plugin:tag' equals ``plugin_tag``.

    NOTE(review): the page has masked out part of this function (see the
    '******' markers below). The statements that assigned ``log`` and
    ``instruction`` are not visible, so this listing is incomplete as shown.
    """
    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            password = plugin['password']
            user = plugin['admin']
            url=plugin['url']
    headers = {'Accept': 'application/json', 'Content-Type': 'application/json' }
    #listing user groups returns empty array. Getting all org groups instead.
    # https://docs.atlassian.com/software/jira/docs/api/REST/7.6.1/#api/2/user-getUser
    # The next line is kept exactly as the page shows it; the text between the
    # '******' markers was lost, including whatever request removed the user.
    #get = requests.get(url+"/rest/api/2/user?username="******"/rest/api/2/groups/picker?username="******"<username>",email[:-13])
    return getJsonResponse("Jira Server", email, log, instruction)
def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Send a Papertrail invitation for ``email``.

    The form fields posted are the first ``allPermissions`` entry whose
    'plugin' key equals ``plugin_tag`` (with that key removed) or, when that
    is empty, the result of ``getPermissions``; 'user[email]' is then added.
    ``name`` is not used here.

    Returns the value built by ``getJsonResponse``; on any status other than
    200 both log and instruction carry the status code and response body.
    """
    rights = {}
    for raw_permission in allPermissions:
        parsed = ast.literal_eval(raw_permission)
        if parsed['plugin'] != plugin_tag:
            continue
        del parsed['plugin']
        rights = parsed
        break
    if not rights:
        rights = getPermissions(configMap, plugin_tag)
    # NOTE(review): this writes into the object getPermissions returned; if
    # that is the shared config dict the address persists across calls.
    rights['user[email]'] = email

    endpoint = getUrl(configMap, plugin_tag) + "/invite.json"
    token_header = {'X-Papertrail-Token': getApiToken(configMap, plugin_tag)}
    users = requests.post(endpoint, headers=token_header, data=rights)

    service = 'Papertrail ' + plugin_tag[11:]
    success_log = plugin_tag + ': Email invite sent from Papertrail.\n'
    instruction = inviteMessage(configMap, plugin_tag)
    if users.status_code == 200:
        return getJsonResponse(service, email, success_log, instruction)

    # The raw response body goes into the message; NOTE(review): confirm it
    # cannot echo anything that should not reach the recipient.
    failure_log = (plugin_tag + ' error: ' + str(users.status_code) +
                   str(users.content) +
                   " Make sure if email doesn't exist already.\n")
    return getJsonResponse(service, email, failure_log, failure_log)
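def removeUser(email, configMap, allPermissions, plugin_tag):
    """Deactivate the Slack account that belongs to ``email``.

    Looks up the team id, resolves the user id from the address and calls
    ``users.admin.setInactive``. ``allPermissions`` is not used here.

    Returns the value built by ``getJsonResponse``; lookup or deactivation
    failures are reported in the log and instruction rather than raised.
    """
    token = getApiToken(configMap, plugin_tag)

    #get team id
    # Query values go through params so requests URL-encodes them.
    # NOTE(review): the token still travels in the query string, where it
    # can land in logs; move it to an Authorization header if these
    # endpoints accept one.
    team = requests.get("https://slack.com/api/team.info",
                        params={'token': token},
                        timeout=30)
    data = json.loads(team.content.decode('utf8'))
    teamId = data['team']['id']

    log = "Slack: " + email[:-13] + " was removed from Slack.\n"
    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    try:
        #get user id
        # Encoding matters here: a '+' in the address would otherwise be
        # read as a space and an '&' would start a new parameter.
        userId = requests.get("https://slack.com/api/auth.findUser",
                              params={'token': token,
                                      'email': email,
                                      'team': teamId},
                              timeout=30)
        data = json.loads(userId.content.decode('utf8'))
        slackUserID = data['user_id']

        #disable user
        user = requests.post("https://slack.com/api/users.admin.setInactive",
                             params={'token': token, 'user': slackUserID},
                             timeout=30)
        # Slack answers HTTP 200 with {"ok": false} on failure, so the body
        # has to be checked before the removal is reported as done.
        result = json.loads(user.content.decode('utf8'))
        if not result.get('ok'):
            raise RuntimeError('users.admin.setInactive failed: ' +
                               str(result.get('error')))
    except Exception as error:
        log = 'Slack: Remove from slack error: ' + email + ' does not exist or is already inactive\n error: ' + str(
            error) + '\n'
        instruction = email + ' was not found or is already inactive.'
    return getJsonResponse('Slack', email, log, instruction)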
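def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Create an Azure AD user for ``email`` and add it to its groups.

    The principal name is ``email`` minus its last 13 characters, followed
    by '@' and the configured directory. Groups from ``getCLIgroups`` are
    matched to Azure groups by display name.

    Returns the value built by ``getJsonResponse``.
    """
    # Local import: the file's import block is not visible from this block.
    import secrets

    groups = getCLIgroups(configMap, plugin_tag, allPermissions)
    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            azureConfig = plugin

    # presumably strips a fixed '@domain' suffix; confirm against the caller
    username = email[:-13]
    principal = username + "@{}".format(azureConfig["directory"])
    log = 'Azure: ' + username + ' added to ' + azureConfig["directory"] + '.\n'
    instruction = inviteMessage(configMap, plugin_tag).replace(
        "<username>", principal)

    # Initial password: drawn from the OS CSPRNG. The random module is a
    # predictable generator and must not be used for credentials. The fixed
    # 'Ab1' prefix is kept from the original (presumably to satisfy a
    # complexity policy). The value is not placed in the returned log or
    # instruction here.
    alphabet = string.ascii_uppercase + string.ascii_lowercase + string.digits
    pw = 'Ab1' + ''.join(secrets.choice(alphabet) for _ in range(13))

    # NOTE(review): signs in with an administrator's e-mail and password
    # held in the config; confirm whether a service principal can be used.
    credentialsToken = UserPassCredentials(
        azureConfig['email'],
        azureConfig["password"],
        resource="https://graph.windows.net")
    graphrbac_client = GraphRbacManagementClient(credentialsToken,
                                                 azureConfig["directory"])
    try:
        user = graphrbac_client.users.create(
            UserCreateParameters(user_principal_name=principal,
                                 account_enabled=True,
                                 display_name=name,
                                 mail_nickname=username,
                                 password_profile=PasswordProfile(
                                     password=pw,
                                     force_change_password_next_login=True)))
        url = azureConfig['url'] + user.object_id

        # Materialise the listing once: if it is a one-shot iterator, only
        # the first requested group could ever match in the nested loop.
        azureGroups = list(graphrbac_client.groups.list())
        groupIDs = []
        for group in groups:
            for azureGroup in azureGroups:
                if group == azureGroup.display_name:
                    groupIDs.append(azureGroup.object_id)
        for groupId in groupIDs:
            addGroup = graphrbac_client.groups.add_member(groupId, url)
    except Exception:
        # NOTE(review): every failure, including a failed group assignment
        # after the user was created, is reported as "already exists".
        log = 'Azure: failed to add, ' + email + ', user already exists .\n'
        instruction = email + ' already exists.'
    return getJsonResponse("Azure Active Directory", email, log, instruction)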
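def removeUser(email, configMap, allPermissions, plugin_tag):
    """Delete the IAM user named after ``email`` (minus its last 13 characters).

    Before the delete, the user is removed from its groups, its access keys
    are deleted and its login profile is deleted if one exists.
    ``allPermissions`` is not used here.

    Returns the value built by ``getJsonResponse``. A 'NoSuchEntity' error is
    reported in the log and instruction; any other ClientError is re-raised.
    """
    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            ID = plugin['ID']
            Secret = plugin['Secret']

    # presumably strips a fixed '@domain' suffix; confirm against the caller
    username = email[:-13]
    client = boto3.client('iam',
                          aws_access_key_id=ID,
                          aws_secret_access_key=Secret)
    log = plugin_tag + ': ' + username + ' removed from organization.\n'
    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    try:
        # remove from groups
        memberships = client.list_groups_for_user(UserName=username)
        for group in memberships.get('Groups'):
            client.remove_user_from_group(GroupName=group.get('GroupName'),
                                          UserName=username)

        # remove access keys
        key_listing = client.list_access_keys(UserName=username)
        for access_key in key_listing.get('AccessKeyMetadata'):
            client.delete_access_key(UserName=username,
                                     AccessKeyId=access_key.get('AccessKeyId'))

        # delete login profile; only "no such profile" is ignored, so that
        # an access-denied or throttling error is not silently dropped.
        try:
            client.delete_login_profile(UserName=username)
        except client.exceptions.NoSuchEntityException:
            pass

        # Deletes the specified IAM user. The user must not belong to any
        # groups or have any access keys, signing certificates, or attached
        # policies. NOTE(review): signing certificates and attached policies
        # are not removed above, so this call fails for users that have them
        # and the error is re-raised below.
        client.delete_user(UserName=username)
    except botocore.exceptions.ClientError as e:
        if e.response['Error']['Code'] == 'NoSuchEntity':
            log = plugin_tag + ': Failed to remove ' + username + '. ' + str(e)
            instruction = plugin_tag + ': Failed to remove ' + username + '. ' + str(e)
        else:
            raise
    return getJsonResponse('AWS ' + plugin_tag[4:], email, log, instruction)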
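def removeUser(email, configMap, allPermissions, plugin_tag):
    """Delete the Papertrail user whose address equals ``email``.

    Lists the users, takes the id of the last entry whose 'email' matches
    and issues a DELETE for it. ``allPermissions`` is not used here.

    Returns the value built by ``getJsonResponse``; the log says whether the
    user was removed, was not found, or the DELETE was refused.
    """
    base_url = getUrl(configMap, plugin_tag)
    token_header = {'X-Papertrail-Token': getApiToken(configMap, plugin_tag)}

    users = requests.get(base_url + ".json", headers=token_header, timeout=30)
    data = json.loads(users.content.decode('utf8'))

    # Explicit "not found" marker instead of relying on UnboundLocalError,
    # and a name that does not shadow the builtin id().
    user_id = None
    for element in data:
        if element['email'] == email:
            user_id = element['id']

    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    if user_id is None:
        log = plugin_tag + ' ' + email + ' does not exist, delete failed.\n'
        return getJsonResponse('Papertrail ' + plugin_tag[11:], email, log,
                               instruction)

    response = requests.delete(base_url + "/" + str(user_id) + ".json",
                               headers=token_header,
                               timeout=30)
    if response.ok:
        log = plugin_tag + ': ' + email + ' removed from papertrail.\n'
    else:
        # A refused DELETE leaves the account active; say so instead of
        # logging a removal that did not happen.
        log = (plugin_tag + ' error: ' + str(response.status_code) + ' ' +
               email + ' was not removed from papertrail.\n')
        instruction = log
    return getJsonResponse('Papertrail ' + plugin_tag[11:], email, log,
                           instruction)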
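def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Create an IAM user for ``email`` and add it to its groups.

    The IAM user name is ``email`` minus its last 13 characters. Groups come
    from the first ``allPermissions`` entry whose 'plugin' key equals
    ``plugin_tag``, else from ``getGroups``. ``name`` is not used here.

    Returns the value built by ``getJsonResponse``. Errors other than
    "user already exists" from the create call propagate to the caller.
    """
    # presumably strips a fixed '@domain' suffix; confirm against the caller
    username = email[:-13]
    cli_groups = []
    log = 'AWS: ' + username + ' added to ' + plugin_tag + '\n'
    instruction = inviteMessage(configMap, plugin_tag).replace("<username>", username)

    for permission in allPermissions:
        thisPermissions = ast.literal_eval(permission)
        if thisPermissions['plugin'] == plugin_tag:
            del thisPermissions['plugin']
            cli_groups = list(thisPermissions.values())
            break
    if len(cli_groups) == 0:
        cli_groups = getGroups(configMap, plugin_tag)

    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            ID = plugin['ID']
            Secret = plugin['Secret']
    client = boto3.client('iam',
                          aws_access_key_id=ID,
                          aws_secret_access_key=Secret)

    try:
        client.create_user(UserName=username)
    except client.exceptions.EntityAlreadyExistsException:
        # Only a genuine name collision is reported as "already exists";
        # access-denied, throttling and similar errors are no longer
        # mislabelled and swallowed.
        log = plugin_tag + ' user ' + username + ' already exists' + '\n'
        instruction = plugin_tag + ' user ' + username + ' already exists'

    # NOTE(review): as in the original, a pre-existing user with this name
    # is still added to the groups below; confirm that granting group
    # membership to an account this call did not create is intended.
    for group in cli_groups:
        client.add_user_to_group(GroupName=group, UserName=username)
    return getJsonResponse('AWS ' + plugin_tag[4:], email, log, instruction)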
def removeUser(email, configMap, allPermissions, plugin_tag):
    """Build the Artifactory removal response for ``email``.

    No request is made from here; the log text states that the account is
    removed alongside the AD account. ``allPermissions`` is not used.

    Returns the value built by ``getJsonResponse``.
    """
    removal_log = 'artifactory: ' + email + ' removed alongside AD account \n'
    # presumably strips a fixed '@domain' suffix; confirm against the caller
    short_name = email[:-13]
    return getJsonResponse(
        'Artifactory',
        email,
        removal_log,
        short_name + removalMessage(configMap, plugin_tag),
    )
def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Build the Artifactory invitation response for ``email``.

    No request is made from here; the instruction text comes from
    ``inviteMessage``. ``allPermissions`` and ``name`` are not used.

    Returns the value built by ``getJsonResponse``.
    """
    return getJsonResponse(
        'Artifactory',
        email,
        'Artifactory: Instruction sent in email.\n',
        inviteMessage(configMap, plugin_tag),
    )